-----Original Message-----
From: "Eddy Nigg (StartCom Ltd.)"
Sent: Oct 20, 2010 2:46 PM
To: "Hodges, Jeff"
Cc: [email protected]
Subject: Re: [certid] [cabfman] fyi: newly revised version: draft-saintandre-tls-server-id-check
On 10/20/2010 08:28 PM, From Hodges, Jeff:
o Move away from including and checking strings that look like domain names in the subject's Common Name.
I applaud this recommendation since this has never been part of the standard in the first place and only was meant as a temporary bridge during moving from X.509 version 2 to version 3.
Good point.
o Move away from the issuance of so-called wildcard certificates (e.g., a certificate containing an identifier for "*.example.com").
However I'm not sure why wild cards should be prohibited, since this is perfectly standard compliant. There are valid use-cases for wild cards and in fact some of the biggest companies on the Internet are prevented from using EV certificates exactly because of this prohibition (to use wild cards with EV). I suggest to reconsider this recommendation.
I agree here.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd.
XMPP: [email protected]
Blog: Join the Revolution!
Twitter: Follow Me
Regards,
Jeffrey A. Williams
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail [email protected]
Phone: 214-244-4827
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
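
The two recommendations debated in this thread, as an added example (not from the thread or the draft): a Python check that matches a host name against subjectAltName dNSName entries only, never the subject Common Name, with wildcard acceptance as a policy switch. The function names, the `allow_wildcards` flag, the rule that `*` must be the whole left-most label, and the sample certificates are assumptions constructed for illustration.

```python
# Added illustration; all names and certificate dicts here are constructed.

def dns_ids(cert):
    """dNSName entries from subjectAltName; the subject CN is never consulted."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def label_match(pattern, host, allow_wildcards):
    """Compare a presented identifier with the reference host, label by label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Assumption: "*" is accepted only as the entire left-most label and
        # needs at least two labels after it, so "*.com" is refused.
        if not allow_wildcards or len(p) < 3:
            return False
        return h[0] != "" and p[1:] == h[1:]
    # Anything else containing "*" (e.g. "w*.example.com") is refused.
    return "*" not in pattern and p == h

def server_id_ok(cert, host, allow_wildcards=False):
    """True if any dNSName in the certificate identifies the host."""
    host = host.lower().rstrip(".")
    return any(label_match(p, host, allow_wildcards) for p in dns_ids(cert))

# Constructed certificates in the shape returned by ssl.SSLSocket.getpeercert()
CN_ONLY = {"subject": ((("commonName", "www.example.com"),),)}
SAN_EXACT = {"subject": ((("commonName", "ignored.invalid"),),),
             "subjectAltName": (("DNS", "www.example.com"),)}
SAN_WILD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for name, cert in (("CN only", CN_ONLY), ("SAN exact", SAN_EXACT),
                       ("SAN wildcard", SAN_WILD)):
        print(name,
              server_id_ok(cert, "www.example.com"),
              server_id_ok(cert, "www.example.com", allow_wildcards=True))
```
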
